[Secure-testing-commits] r3061 - in data: . CVE
Florian Weimer
fw at costa.debian.org
Thu Dec 15 18:51:07 UTC 2005
Author: fw
Date: 2005-12-15 18:51:01 +0000 (Thu, 15 Dec 2005)
New Revision: 3061
Modified:
data/CVE/list
data/embedded-code-copies
Log:
CVE-2005-4048: mplayer, gst-ffmpeg vulnerable; kino is not
CVE-2005-3392, CVE-2005-3391: PHP safe mode vulnerabilities, low impact
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-15 15:53:19 UTC (rev 3060)
+++ data/CVE/list 2005-12-15 18:51:01 UTC (rev 3061)
@@ -376,6 +376,9 @@
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
- ffmpeg <unfixed> (bug #342207; medium)
- xine-lib <unfixed> (bug #342208; medium)
+ - mplayer <itp> (bug #113238; medium)
+ - gst-ffmpeg <unfixed> (bug #343503; medium)
+ NOTE: kino does not contain the vulnerable code.
CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...)
NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...)
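Review bot: the added mplayer line pairs `<itp>` with bug #113238, a number far older than the other bugs in this entry, so it presumably points at the packaging request rather than a report of the avcodec_default_get_buffer overflow, and the line does not say so. A NOTE stating what #113238 tracks, and that the medium rating applies once the package is uploaded, would make this clear. The kino NOTE also gives no basis for its conclusion; naming the kino version checked and what its bundled copy lacks would let a later reader re-verify it.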
@@ -2338,11 +2341,15 @@
{DSA-885-1}
- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
- - php4 <unfixed> (bug #336645; unknown)
- - php5 <unfixed> (bug #336654; unknown)
+ - php4 <unfixed> (bug #336645; low)
+ - php5 <unfixed> (bug #336654; low)
+ NOTE: According to CVE, this is a safe mode violation,
+ NOTE: therefore low impact. (According to SuSE, it's an
+ NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
- - php4 <unfixed> (bug #336645; unknown)
- - php5 <unfixed> (bug #336654; unknown)
+ - php4 <unfixed> (bug #336645; low)
+ - php5 <unfixed> (bug #336654; low)
+ NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
- php4 <unfixed> (bug #336645; high)
- php5 <unfixed> (bug #336654; high)
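Review bot: the NOTE added under CVE-2005-3391 says "This is a safe mode violation" without a source, while the description on that entry speaks of multiple vulnerabilities usable by remote attackers. Please attribute the classification the way the CVE-2005-3392 NOTE does ("According to CVE, ...") and confirm it covers every issue grouped under that id before all of them drop from unknown to low. For CVE-2005-3392 the NOTE records that SuSE classifies the issue differently, as an information leak; it would help to state whether low still holds under that reading.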
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2005-12-15 15:53:19 UTC (rev 3060)
+++ data/embedded-code-copies 2005-12-15 18:51:01 UTC (rev 3061)
@@ -118,6 +118,7 @@
xine-lib
xvidcap (currently in NEW)
kino
+gst-ffmpeg
mad MPEG decoding lib:
mad
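Review bot: kino, directly above the added gst-ffmpeg line, stays in this list without any qualifier, although the same revision records in data/CVE/list that kino does not contain the code affected by CVE-2005-4048. A parenthetical on the kino line, in the style of "xvidcap (currently in NEW)", saying which part of the library it embeds would keep the two files consistent and spare the next triager from re-checking kino for every new CVE against this code.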